001/* 002 * Copyright 2012-2018 the original author or authors. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016 017package org.springframework.boot.web.server; 018 019/** 020 * Simple server-independent abstraction for SSL configuration. 021 * 022 * @author Andy Wilkinson 023 * @author Vladimir Tsanev 024 * @author Stephane Nicoll 025 * @since 2.0.0 026 */ 027public class Ssl { 028 029 private boolean enabled = true; 030 031 private ClientAuth clientAuth; 032 033 private String[] ciphers; 034 035 private String[] enabledProtocols; 036 037 private String keyAlias; 038 039 private String keyPassword; 040 041 private String keyStore; 042 043 private String keyStorePassword; 044 045 private String keyStoreType; 046 047 private String keyStoreProvider; 048 049 private String trustStore; 050 051 private String trustStorePassword; 052 053 private String trustStoreType; 054 055 private String trustStoreProvider; 056 057 private String protocol = "TLS"; 058 059 /** 060 * Return whether to enable SSL support. 061 * @return whether to enable SSL support 062 */ 063 public boolean isEnabled() { 064 return this.enabled; 065 } 066 067 public void setEnabled(boolean enabled) { 068 this.enabled = enabled; 069 } 070 071 /** 072 * Return Whether client authentication is not wanted ("none"), wanted ("want") or 073 * needed ("need"). Requires a trust store. 074 * @return the {@link ClientAuth} to use 075 */ 076 public ClientAuth getClientAuth() { 077 return this.clientAuth; 078 } 079 080 public void setClientAuth(ClientAuth clientAuth) { 081 this.clientAuth = clientAuth; 082 } 083 084 /** 085 * Return the supported SSL ciphers. 086 * @return the supported SSL ciphers 087 */ 088 public String[] getCiphers() { 089 return this.ciphers; 090 } 091 092 public void setCiphers(String[] ciphers) { 093 this.ciphers = ciphers; 094 } 095 096 /** 097 * Return the enabled SSL protocols. 098 * @return the enabled SSL protocols. 099 */ 100 public String[] getEnabledProtocols() { 101 return this.enabledProtocols; 102 } 103 104 public void setEnabledProtocols(String[] enabledProtocols) { 105 this.enabledProtocols = enabledProtocols; 106 } 107 108 /** 109 * Return the alias that identifies the key in the key store. 110 * @return the key alias 111 */ 112 public String getKeyAlias() { 113 return this.keyAlias; 114 } 115 116 public void setKeyAlias(String keyAlias) { 117 this.keyAlias = keyAlias; 118 } 119 120 /** 121 * Return the password used to access the key in the key store. 122 * @return the key password 123 */ 124 public String getKeyPassword() { 125 return this.keyPassword; 126 } 127 128 public void setKeyPassword(String keyPassword) { 129 this.keyPassword = keyPassword; 130 } 131 132 /** 133 * Return the path to the key store that holds the SSL certificate (typically a jks 134 * file). 135 * @return the path to the key store 136 */ 137 public String getKeyStore() { 138 return this.keyStore; 139 } 140 141 public void setKeyStore(String keyStore) { 142 this.keyStore = keyStore; 143 } 144 145 /** 146 * Return the password used to access the key store. 147 * @return the key store password 148 */ 149 public String getKeyStorePassword() { 150 return this.keyStorePassword; 151 } 152 153 public void setKeyStorePassword(String keyStorePassword) { 154 this.keyStorePassword = keyStorePassword; 155 } 156 157 /** 158 * Return the type of the key store. 159 * @return the key store type 160 */ 161 public String getKeyStoreType() { 162 return this.keyStoreType; 163 } 164 165 public void setKeyStoreType(String keyStoreType) { 166 this.keyStoreType = keyStoreType; 167 } 168 169 /** 170 * Return the provider for the key store. 171 * @return the key store provider 172 */ 173 public String getKeyStoreProvider() { 174 return this.keyStoreProvider; 175 } 176 177 public void setKeyStoreProvider(String keyStoreProvider) { 178 this.keyStoreProvider = keyStoreProvider; 179 } 180 181 /** 182 * Return the trust store that holds SSL certificates. 183 * @return the trust store 184 */ 185 public String getTrustStore() { 186 return this.trustStore; 187 } 188 189 public void setTrustStore(String trustStore) { 190 this.trustStore = trustStore; 191 } 192 193 /** 194 * Return the password used to access the trust store. 195 * @return the trust store password 196 */ 197 public String getTrustStorePassword() { 198 return this.trustStorePassword; 199 } 200 201 public void setTrustStorePassword(String trustStorePassword) { 202 this.trustStorePassword = trustStorePassword; 203 } 204 205 /** 206 * Return the type of the trust store. 207 * @return the trust store type 208 */ 209 public String getTrustStoreType() { 210 return this.trustStoreType; 211 } 212 213 public void setTrustStoreType(String trustStoreType) { 214 this.trustStoreType = trustStoreType; 215 } 216 217 /** 218 * Return the provider for the trust store. 219 * @return the trust store provider 220 */ 221 public String getTrustStoreProvider() { 222 return this.trustStoreProvider; 223 } 224 225 public void setTrustStoreProvider(String trustStoreProvider) { 226 this.trustStoreProvider = trustStoreProvider; 227 } 228 229 /** 230 * Return the SSL protocol to use. 231 * @return the SSL protocol 232 */ 233 public String getProtocol() { 234 return this.protocol; 235 } 236 237 public void setProtocol(String protocol) { 238 this.protocol = protocol; 239 } 240 241 /** 242 * Client authentication types. 243 */ 244 public enum ClientAuth { 245 246 /** 247 * Client authentication is not wanted. 248 */ 249 NONE, 250 251 /** 252 * Client authentication is wanted but not mandatory. 253 */ 254 WANT, 255 256 /** 257 * Client authentication is needed and mandatory. 258 */ 259 NEED 260 261 } 262 263}